Let's Encrypt SSL error generating one for MX

Daniel_Server · December 14, 2021, 4:52am

Hello folks,
I was trying to make my own email server in order to send email like test@site.com
I currently own only on record A with is @ mysite.com.

my old Let’s Encrypt SSL was on: mysite.com and www.mysite.com. but now I want mail.mysite.com.
using virtualmin on the let’s encrypt tab I generate an ssl for: mysite.com and www.mysite.com mail.mysite.com.
And I got this error note that I did it only once so I’m not temporally blocked my Let’s Encrypt.

Requesting a certificate for mysite.com, www.mysite.com, mail.mysite.com from Let’s Encrypt …
… request failed : Web-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for mail.mysite.com
Using the webroot path /home/mysite/public_html for all unmatched domains.
Waiting for verification...
Challenge failed for domain mail.mysite.com
http-01 challenge for mail.mysite.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:


   Domain: mail.mysite.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up A for mail.mysite.com
   - check that a DNS record exists for this domain

DNS-based validation failed :

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for mail.mysite.com
Running manual-auth-hook command: /etc/webmin/webmin/letsencrypt-dns.pl
Waiting for verification...
Challenge failed for domain mail.mysite.com
dns-01 challenge for mail.mysite.com
Cleaning up challenges
Running manual-cleanup-hook command: /etc/webmin/webmin/letsencrypt-cleanup.pl
Some challenges have failed.
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.mysite.com
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.mail.mysite.com - check that a DNS record
   exists for this domain

How could I fix this error?
Thanks

Joe · December 14, 2021, 6:30am

I don’t know how that error could be more clear?

You don’t have an A record for a name you tried to issue a certificate for. If you don’t want mail.domain.tld to be part of the certificate don’t include it. It obviously cannot be part of the certificate if you haven’t made a record for it in your DNS server (if you host DNS in Virtualmin, it knows what records exist, if you host DNS elsewhere, you need to manage that yourself).